tree-optimization/105736: Don't let error_mark_node escape for ADDR_EXPR

Message ID 20220614152646.357680-1-siddhesh@gotplt.org
State New

Commit Message

Siddhesh Poyarekar June 14, 2022, 3:26 p.m. UTC
  The addr_expr computation does not check for error_mark_node before
returning the size expression.  This used to work in the constant case
because the conversion to uhwi would end up causing it to return
size_unknown, but that won't work for the dynamic case.

Modify the control flow to explicitly return size_unknown if the offset
computation returns an error_mark_node.

gcc/ChangeLog:

	PR tree-optimization/105736
	* tree-object-size.cc (addr_object_size): Return size_unknown
	when object offset computation returns an error.

gcc/testsuite/ChangeLog:

	PR tree-optimization/105736
	* gcc.dg/builtin-dynamic-object-size-0.c (TV4, val3,
	test_pr105736): New struct declaration, variable and function to
	test PR.
	(main): Use them.

Signed-off-by: Siddhesh Poyarekar <siddhesh@gotplt.org>
---

Tested:

- x86_64 bootstrap and test
- --with-build-config=bootstrap-ubsan build

May I also backport this to gcc12?

 .../gcc.dg/builtin-dynamic-object-size-0.c    | 19 ++++++++++++++++++
 gcc/tree-object-size.cc                       | 20 ++++++++++---------
 2 files changed, 30 insertions(+), 9 deletions(-)
  

Patch

diff --git a/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-0.c b/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-0.c
index b5b0b3a677c..90f303ef40e 100644
--- a/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-0.c
+++ b/gcc/testsuite/gcc.dg/builtin-dynamic-object-size-0.c
@@ -479,6 +479,20 @@  test_loop (int *obj, size_t sz, size_t start, size_t end, int incr)
   return __builtin_dynamic_object_size (ptr, 0);
 }
 
+/* Other tests.  */
+
+struct TV4
+{
+  __attribute__((vector_size (sizeof (int) * 4))) int v;
+};
+
+struct TV4 val3;
+int *
+test_pr105736 (struct TV4 *a)
+{
+  return &a->v[0];
+}
+
 unsigned nfails = 0;
 
 #define FAIL() ({ \
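Review bot: The new section comment `/* Other tests.  */` does not say what `test_pr105736` exercises, so the check added to main later has no visible rationale in the test file. A comment above `struct TV4` such as `/* PR tree-optimization/105736: address of a vector element taken through a struct pointer; the size must be reported as unknown.  */` would record it (wording taken from the commit message). If the file's other helpers carry a noinline attribute, which is not visible in this hunk, this one should match them so it is compiled the same way as the rest.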
@@ -633,6 +647,11 @@  main (int argc, char **argv)
     FAIL ();
   if (test_loop (arr, 42, 20, 52, 1) != 0)
     FAIL ();
+  /* pr105736.  */
+  int *t = test_pr105736 (&val3);
+  if (__builtin_dynamic_object_size (t, 0) != -1)
+    __builtin_abort ();
+
 
   if (nfails > 0)
     __builtin_abort ();
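Review bot: The added check calls `__builtin_abort ();` directly, whereas the neighbouring checks in main call `FAIL ();` and leave the abort to the `nfails > 0` test at the end. Using `FAIL ();` here would keep failure reporting consistent and let the remaining checks still run when this one fails. Since `__builtin_dynamic_object_size` returns `size_t`, comparing against `(size_t) -1` would also make the intended "unknown" value explicit. The hunk leaves two consecutive blank lines after the new check, and one can be dropped; main's body starts outside the hunk.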
diff --git a/gcc/tree-object-size.cc b/gcc/tree-object-size.cc
index 5ca87ae3504..12bc0868b77 100644
--- a/gcc/tree-object-size.cc
+++ b/gcc/tree-object-size.cc
@@ -695,19 +695,21 @@  addr_object_size (struct object_size_info *osi, const_tree ptr,
 	var_size = pt_var_size;
       bytes = compute_object_offset (TREE_OPERAND (ptr, 0), var);
       if (bytes != error_mark_node)
-	bytes = size_for_offset (var_size, bytes);
-      if (var != pt_var
-	  && pt_var_size
-	  && TREE_CODE (pt_var) == MEM_REF
-	  && bytes != error_mark_node)
 	{
-	  tree bytes2 = compute_object_offset (TREE_OPERAND (ptr, 0), pt_var);
-	  if (bytes2 != error_mark_node)
+	  bytes = size_for_offset (var_size, bytes);
+	  if (var != pt_var && pt_var_size && TREE_CODE (pt_var) == MEM_REF)
 	    {
-	      bytes2 = size_for_offset (pt_var_size, bytes2);
-	      bytes = size_binop (MIN_EXPR, bytes, bytes2);
+	      tree bytes2 = compute_object_offset (TREE_OPERAND (ptr, 0),
+						   pt_var);
+	      if (bytes2 != error_mark_node)
+		{
+		  bytes2 = size_for_offset (pt_var_size, bytes2);
+		  bytes = size_binop (MIN_EXPR, bytes, bytes2);
+		}
 	    }
 	}
+      else
+	bytes = size_unknown (object_size_type);
 
       wholebytes
 	= object_size_type & OST_SUBOBJECT ? var_size : pt_var_wholesize;
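Review bot: The new `else` branch assigns `size_unknown (object_size_type)` with no comment, so the invariant it protects is recorded only in the commit message. A comment above it such as `/* Offset computation failed; return unknown rather than let error_mark_node escape to callers.  */` would keep it from being folded back into the condition later. On this path `wholebytes` is still assigned from `var_size` or `pt_var_wholesize` just below, so `bytes` is unknown while the whole-object size stays concrete. Whether callers expect that pairing cannot be confirmed here, because addr_object_size continues outside the hunk. The fallback also means consumers of this result get no usable bound for such pointers, which looks like the conservative choice but is worth stating in the comment.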